Recording medium control method, data management apparatus, and recording medium

Ono, Akiko ;   et al.

Patent Application Summary

U.S. patent application number 10/153644 was filed with the patent office on 2002-10-03 for recording medium control method, data management apparatus, and recording medium. This patent application is currently assigned to Fujitsu Limited. Invention is credited to Nishimura, Hisayuki, Ono, Akiko.

Application Number20020139860 10/153644
Document ID /
Family ID14237449
Filed Date2002-10-03
United States Patent Application 20020139860
Kind Code A1
Ono, Akiko ;   et al. October 3, 2002
Recording medium control method, data management apparatus, and recording medium

Abstract

The present invention has an object of providing a recording medium control method, a data management apparatus, and a recording medium for managing data by duplicating the data in each of a plurality of recording media. Two IC cards are loaded into a data management apparatus. In duplicating data in the two loaded IC cards, the two IC cards store their card characteristic numbers for self-identification and the card characteristic number of each other's pair IC card. If the card characteristic number of the pair IC card stored in one IC card matches the card characteristic number of the other IC card, the two IC cards are controllable.

Inventors: Ono, Akiko; (Zama, JP) ; Nishimura, Hisayuki; (Kawasaki, JP)
Correspondence Address: 
    ARMSTRONG,WESTERMAN & HATTORI, LLP
    1725 K STREET, NW.
    SUITE 1000
    WASHINGTON
    DC
    20006
    US
Assignee: Fujitsu Limited
Kawasaki
JP
Family ID: 14237449
Appl. No.: 10/153644
Filed: May 24, 2002
Related U.S. Patent Documents
Application Number Filing Date Patent Number
10153644 May 24, 2002
PCT/JP99/06736 Dec 1, 1999
Current U.S. Class: 235/487
Current CPC Class: G07F 7/1008 20130101; G06K 19/10 20130101; G06Q 20/341 20130101; G06Q 20/229 20200501; G06K 7/0034 20130101; G06Q 20/4097 20130101
Class at Publication: 235/487
International Class: G06K 019/00
Claims


1. A recording medium control method for controlling access to a plurality of recording media each storing duplicated data, wherein: each of the recording media stores identification information for identifying which of the recording media stores the duplicated data; it is determined whether the data of the recording media are consistent with each other based on the identification information; the access to the recording media is enabled if it is determined that the data of the recording media are consistent with each other; and the access to the recording media is inhibited if it is determined that the data of the recording media are inconsistent with each other.

2. The recording medium control method as claimed in claim 1, wherein each of the recording media stores, as the identification information, first identification information for self-identification and second identification information for identifying another of the recording media; and it is determined that there is data consistency between one of the recording media and the rest of the recording media if the first identification information of the one of the recording media exists as the second identification information in the rest of the recording media.

3. The recording medium control method as claimed in claim 1, wherein each of the recording media stores third identification information for identifying an apparatus in which the recording media are loaded; and the apparatus is enabled to control the recording media when the third identification information matches identification information of the apparatus.

4. A data management apparatus loaded with a plurality of recording media each storing duplicated data and controlling access to the loaded recording media, the data management apparatus comprising: an access control part determining whether the duplicated data of the recording media are consistent with each other and controlling the access to the recording media based on a result of the determination, wherein: each of the recording media stores identification information for identifying which of the recording media stores the duplicated data; said access control part makes the determination based on the identification information; and said access control part enables the access to the recording media if said access control part determines that the data of the recording media are consistent with each other and inhibits the access to the recording media if said access control part determines that the data of the recording media are inconsistent with each other.

5. The data management apparatus as claimed in claim 4, wherein each of the recording media stores, as the identification information, first identification information for self-identification and second identification information for identifying another of the recording media; and said access control part determines that there is data consistency between one of the recording media and the rest of the recording media if the first identification information of the one of the recording media exists as the second identification information in the rest of the recording media.

6. The data management apparatus as claimed in claim 5, wherein each of the recording media stores third identification information for identifying the data management apparatus in which the recording media are loaded; and said access control part enables the data management apparatus to control the recording media when the third identification information matches identification information of the data management apparatus.

7. The data management apparatus as claimed in claim 4, wherein each of the recording media stores version information updated every time the data thereof is updated; and said access control part records the data of a first one of the recording media on a second one of the recording media so as to set the first and second recording media controllable if the version information of the first and second information media are different from each other, the version information of the first recording medium being updated more times than that of the second recording medium.

8. The data management apparatus as claimed in claim 7, further comprising a version number update part updating the version information of each of the recording media when the recording media are removed from the data management apparatus in which the recording media are loaded.

9. The data management apparatus as claimed in claim 4, wherein each of the recording media stores determination information for determining whether the recording medium is independently controllable; and said access control part recognizes the determination information of each of the recording media if said access control part determines that there is no data consistency between the recording media, and sets one of the recording media controllable if the determination information of the one of the recording media shows that the one of the recording media is independently controllable.

10. The data management apparatus as claimed in claim 4, wherein each of the recording media stores determination information for determining whether the recording medium is in use; and said access control part inhibits the access to the recording media if the determination information shows that at least one of the recording media is in use, and sets the recording media usable if the determination information shows that all of the recording media are unused.

11. The data management apparatus as claimed in claim 4, wherein each of the recording media stores determination information for determining whether the data recorded on the recording medium is valid or invalid; and said access control part inhibits the access to the recording media if the determination information of one of the recording media shows that the data recorded thereon is invalid.

12. The data management apparatus as claimed in claim 4, wherein each of the recording media has the data stored divided into a plurality of data blocks, and stores data identification information for identifying divided pieces of the data with corresponding data block identification information for identifying the data blocks storing the divided pieces of the data; and said access control part recognizes the data block identification information based on the data identification information and makes accessible one of the data blocks which one stores a required one of the divided pieces of the data based on the data block identification information.

13. The data management apparatus as claimed in claim 4, further comprising: a monitoring part monitoring an abnormality in each of the recording media storing abnormal information indicating whether another of the recording media has the abnormality; and an information recording part recording information indicating occurrence of the abnormality in one of the recording media on the rest of the recording media as the abnormal information if the abnormality in the one of the recording media is detected.

14. A recording medium for recording data, comprising: a plurality of data blocks for recording the data, the data blocks each comprising: a data recording part recording a number of times the data is updated as number management information; and a recording control part moving the data stored in the data block to a next available one of the data blocks if the number management information reaches a preset given number of times.
Description


TECHNICAL FIELD

[0001] The present invention relates to recording medium control methods, data management apparatuses, and recording media, and more particularly to a recording medium control method, a data management apparatus, and a recording medium for data management by duplicating data in each of a plurality of recording media.

[0002] Commercial transactions using electronic money have been conducted of late. For the commercial transactions using electric money, management apparatuses employing IC cards as storage devices for receiving and transferring value data such as electronic money have been developed. Normally, an IC card employed in such management apparatuses is provided with a unique IC chip having a particular authentication function. Such an IC card is allowed to exchange data only with an IC card or an apparatus having the same IC chip, thereby increasing the reliability of the data.

[0003] However, the reliability of the data is insufficient since the data is still exchangeable between the IC cards or the IC card and the apparatus having the same IC chip. Therefore, there have been demands for further increasing the data reliability.

BACKGROUND ART

[0004] FIG. 1 is a block diagram showing a conventional example.

[0005] IC cards 2-1 through 2-n are attached to an electronic money management apparatus 1. The electronic money management apparatus 1 is connected via a network 3 to a terminal device 4.

[0006] The electronic money management apparatus 1 stores value data such as electronic money in the IC cards 2-1 through 2-n, and exchanges the value data such as electronic money with the terminal device 4 via the network 3.

[0007] The electronic money management apparatus 1 is composed of communication parts 5 and 6, a nonvolatile memory 7, a CPU 8, and connection terminals 9-1 through 9-n. The communication part 5 controls communication with the network 3. The communication part 6 controls communication with the IC cards 2-1 through 2-n.

[0008] The nonvolatile memory 7 stores an apparatus characteristic number characteristic of the electronic money management apparatus 1. The CPU 8 obtains value data to be stored in the IC cards 2-1 through 2-n in accordance with the exchange of the value data, and stores the obtained value data in the IC cards 2-1 through 2-n. The connection terminals 9-1 through 9-n are connected to the IC cards 2-1 through 2-n, respectively.

[0009] Each of the IC cards 2-1 through 2-n is composed of an external terminal 10 and an IC chip 11. The external terminal 10 is connected to one of the connection terminals 9-1 through 9-n of the electronic money management apparatus 1 so as to connect the IC chip 11 with the electronic money management apparatus 1.

[0010] The IC chip 11 is composed of communication part 12, a CPU 13, a nonvolatile memory 14, and a volatile memory 15. The communication part 12 controls communication with the electronic money management apparatus 1.

[0011] The CPU 13 controls writing the value data to and reading the value data from the nonvolatile memory 14 in accordance with a program stored in the nonvolatile memory 14. The nonvolatile memory 14 includes an EEPROM and stores the value data and the program executed by the CPU 13. The volatile memory 15 is used as a working storage for processing by the CPU 13. For instance, program control data is loaded thereinto from the nonvolatile memory 14.

[0012] In the conventional electronic money management apparatus 1, no value data stored in the IC cards 2-1 through 2-n are duplicated.

[0013] Therefore, if the IC cards 2-1 through 2-n are extracted from the electronic money management apparatus 1 or otherwise damaged, the value data of the extracted or damaged IC cards 2-1 through 2-n are lost, so that services cannot be provided.

[0014] If value data is to be duplicated in the same IC card in the case of making a duplicate of the value data, no value data can be read out when the IC card is extracted or damaged. Therefore, there is no meaning in duplicating the value data. Accordingly, in the case of duplicating the value data, it is necessary to make a duplicate in a different IC card. In the case of duplicating the value data in a different IC card, the value data is preserved by the different IC card even if the original IC card is lost or damaged.

[0015] However, once the IC card is duplicated, a false IC card may be issued based on a false claim that either one of the IC cards is damaged. Further, there is a problem in that when a duplicate of the IC card is made by using an IC card that is a duplicate of another IC card, the value data already stored in the IC card for backup may be deleted mistakenly by a wrong operation of an operator.

[0016] The conventional electronic money management apparatus 1 employs the IC cards 2-1 through 2-n for managing the value data. Each of the IC cards uses the EEPROM for retaining the value data. The number of times writing is performed to the EEPROM is physically limited.

[0017] Therefore, if the number of times writing is performed to a certain region of the EEPROM increases, use of the other regions of the EEPROM with a smaller number of write operations is limited by the life of the region with a larger number of write operations, thus causing the problem of inefficiency.

[0018] The present invention is made in view of the above-described points, and an object of the present invention is to provide a recording medium control method, a data management apparatus, and a recording medium with high reliability.

DISCLOSURE OF THE INVENTION

[0019] The above object of the present invention is achieved by a recording medium control method for controlling access to a plurality of recording media each storing duplicated data, wherein each of the recording media stores identification information for identifying which of the recording media stores the duplicated data, it is determined whether the data of the recording media are consistent with each other based on the identification information, the access to the recording media is enabled if it is determined that the data of the recording media are consistent with each other, and the access to the recording media is inhibited if it is determined that the data of the recording media are inconsistent with each other.

[0020] Further, according to the present invention, each of the recording media may store, as the identification information, first identification information for self-identification and second identification information for identifying another of the recording media, and it may be determined that there is data consistency between one of the recording media and the rest of the recording media if the first identification information of the one of the recording media exists as the second identification information in the rest of the recording media.

[0021] Further, according to the present invention, each of the recording media may store third identification information for identifying an apparatus in which the recording media are loaded, and the apparatus is enabled to control the recording media when the third identification information matches identification information of the apparatus.

[0022] The above object of the present invention is also achieved by a data management apparatus loaded with a plurality of recording media each storing duplicated data and controlling access to the loaded recording media, the data management apparatus including an access control part determining whether the duplicated data of the recording media are consistent with each other and controlling the access to the recording media based on a result of the determination, wherein each of the recording media stores identification information for identifying which of the recording media stores the duplicated data, the access control part makes the determination based on the identification information, and the access control part enables the access to the recording media if said access control part determines that the data of the recording media are consistent with each other and inhibits the access to the recording media if said access control part determines that the data of the recording media are inconsistent with each other.

[0023] Further, according to the present invention, each of the recording media may store, as the identification information, first identification information for self-identification and second identification information for identifying another of the recording media, and the access control part may determine that there is data consistency between one of the recording media and the rest of the recording media if the first identification information of the one of the recording media exists as the second identification information in the rest of the recording media.

[0024] Further, according to the present invention, each of the recording media may store third identification information for identifying the data management apparatus in which the recording media are loaded, and the access control part enables the data management apparatus to control the recording media when the third identification information matches identification information of the data management apparatus.

[0025] Further, according to the present invention, each of the recording media may store version information updated every time the data thereof is updated, and the access control part may record the data of a first one of the recording media on a second one of the recording media so as to set the first and second recording media controllable if the version information of the first and second information media are different from each other, the version information of the first recording medium being updated more times than that of the second recording medium.

[0026] Further, the data management apparatus according to the present invention may further include a version number update part updating the version information of each of the recording media when the recording media are removed from the data management apparatus in which the recording media are loaded.

[0027] Further, according to the present invention, each of the recording media may store determination information for determining whether the recording medium is independently controllable, and the access control part may recognize the determination information of each of the recording media if the access control part determines that there is no data consistency between the recording media, and set one of the recording media controllable if the determination information of the one of the recording media shows that the one of the recording media is independently controllable.

[0028] Further, according to the present invention, each of the recording media may store determination information for determining whether the recording medium is in use, and the access control part may inhibit the access to the recording media if the determination information shows that at least one of the recording media is in use, and sets the recording media usable if the determination information shows that all of the recording media are unused.

[0029] Further, according to the present invention, each of the recording media may store determination information for determining whether the data recorded on the recording medium is valid or invalid, and the access control part may inhibit the access to the recording media if the determination information of one of the recording media shows that the data recorded thereon is invalid.

[0030] Further, according to the present invention, each of the recording media may have the data stored divided into a plurality of data blocks, and store data identification information for identifying divided pieces of the data with corresponding data block identification information for identifying the data blocks storing the divided pieces of the data, and the access control part may recognize the data block identification information based on the data identification information and makes accessible one of the data blocks which one stores a required one of the divided pieces of the data based on the data block identification information.

[0031] Further, the data management apparatus according to the present invention may further include a monitoring part monitoring an abnormality in each of the recording media storing abnormal information indicating whether another of the recording media has the abnormality, and an information recording part recording information indicating occurrence of the abnormality in one of the recording media on the rest of the recording media as the abnormal information if the abnormality in the one of the recording media is detected.

[0032] The above object of the present invention is further achieved by a recording medium for recording data including a plurality of data blocks for recording the data, the data blocks each including a data recording part recording a number of times the data is updated as number management information, and a recording control part moving the data stored in the data block to a next available one of the data blocks if the number management information reaches a preset given number of times.

BRIEF DESCRIPTION OF THE DRAWINGS

[0033] FIG. 1 is a block diagram showing a conventional example;

[0034] FIG. 2 is a block diagram showing a first embodiment of the present invention;

[0035] FIG. 3 is a diagram showing a data configuration of a nonvolatile memory of an IC card according to the first embodiment of the present invention;

[0036] FIGS. 4A through 4D are flowcharts of a duplicate cards authentication operation according to the first embodiment of the present invention;

[0037] FIG. 5 is a flowchart of an operation of checking correctness of data of the IC card according to the first embodiment of the present invention;

[0038] FIG. 6 is a flowchart of an operation of extracting the IC card according to the first embodiment of the present invention;

[0039] FIG. 7 is a diagram for illustrating an operation at a time of loading the IC card in an initial state into an electronic money management apparatus according to the first embodiment of the present invention;

[0040] FIG. 8 is a diagram for illustrating an operation at a time of normally moving the IC card from one electronic money management apparatus to another according to the first embodiment of the present invention;

[0041] FIG. 9 is a diagram for illustrating an operation at a time of extracting the IC card forcibly from the electronic money management apparatus according to the first embodiment of the present invention;

[0042] FIG. 10 is a diagram for illustrating an operation at a time of loading the IC card into the electronic money management apparatus according to the first embodiment of the present invention;

[0043] FIG. 11 is a diagram for illustrating an operation at a time of occurrence of a failure in the IC card according to the first embodiment of the present invention;

[0044] FIG. 12 is a diagram for illustrating an operation at a time of occurrence of a failure in the electronic money management apparatus according to the first embodiment of the present invention;

[0045] FIG. 13 is a diagram for illustrating an operation at a time of loading a manager card into the electronic money management apparatus according to the first embodiment of the present invention;

[0046] FIG. 14 is a flowchart of a normal operation according to the first embodiment of the present invention;

[0047] FIG. 15 is a flowchart of a data write operation according to the first embodiment of the present invention;

[0048] FIG. 16 is a flowchart of an activity check operation according to the first embodiment of the present invention;

[0049] FIG. 17 is a diagram for illustrating commands transmitted from the electronic money management apparatus to the IC card according to the first embodiment of the present invention;

[0050] FIG. 18 is a diagram showing data formats of data communicated between the electronic money management apparatus and the IC card according to the first embodiment of the present invention;

[0051] FIG. 19 is a diagram for illustrating a data management structure of the IC card according to a first variation of the first embodiment of the present invention;

[0052] FIG. 20 is a flowchart of an operation of managing the nonvolatile memory of the IC card according to the first variation of the first embodiment of the present invention;

[0053] FIG. 21 is a diagram showing a data configuration of the nonvolatile memory of the IC card according to a second variation of the first embodiment of the present invention;

[0054] FIG. 22 is a flowchart of an operation of managing the nonvolatile memory of the IC card according to the second variation of the first embodiment of the present invention;

[0055] FIG. 23 is a diagram for illustrating a third variation of the first embodiment of the present invention;

[0056] FIG. 24 is a flowchart of an operation of managing the nonvolatile memory of the IC card according to the third variation of the first embodiment of the present invention;

[0057] FIG. 25 is a block diagram showing a second embodiment of the present invention; and

[0058] FIG. 26 is a block diagram showing a third embodiment of the present invention.

BEST MODE FOR CARRYING OUT THE INVENTION

[0059] FIG. 2 is a block diagram showing a first embodiment of the present invention. In FIG. 2, the same elements as those of FIG. 1 are referred to by the same numerals, and a description thereof will be omitted.

[0060] In this embodiment, the operations of an electronic money management apparatus 16 and IC cards 17-1 and 17-2 and data configuration are different from the operations of the electronic money management apparatus 1 and the IC cards 2-1 and 2-2 and the data configuration of FIG. 1.

[0061] External terminals 10 of the paired IC cards 17-1 and 17-2 are connected to the connection terminals 9-1 and 9-2, respectively, of the electronic money management apparatus 16.

[0062] The electronic money management apparatus 16 controls the data of the IC cards 17-1 and 17-2 based on a control program stored in the built-in nonvolatile memory 7. Further, the electronic money management apparatus 16 has apparatus identification information (an apparatus number) for identifying the apparatus stored in the built-in nonvolatile memory 7. The IC cards 17-1 and 17-2 store the same value data. That is, the data is duplicated in the IC cards 17-1 and 17-2.

[0063] FIG. 3 is a diagram showing data configuration of the nonvolatile memory 14 of the IC card of the first embodiment of the present invention.

[0064] The nonvolatile memory 14 of each of the IC cards 17-1 and 17-2 is composed of a card characteristic number area 17a, a card number registration area 17b, an apparatus number registration area 17c, a version number management area 17d, a pair failure flag area 17e, an UNUSED flag area 17f, an INVALID flag area 17g, a value data area 17h, a transaction history area 17i, a checksum data area 17j, a program area 17k, and a single use flag setting area 17l.

[0065] The card characteristic number area 17a stores an IC card characteristic number assigned to and characteristic of each IC card. The IC card characteristic number is identification information for identifying each IC card. The card number registration area 17b stores the IC card characteristic number of an IC card paired with the IC card (a pair IC card). The apparatus number registration area 17c stores an apparatus number. The apparatus number is the identification information for identifying the electronic money management apparatus 16.

[0066] The version number management area 17d stores version number information. The version number information shows the version number of the value data stored in the value data area 17h. The pair failure flag area 17e stores a flag indicating whether the pair IC card had any failure in the past. The UNUSED flag area 17f stores a flag indicating whether the IC card is unused or in use. The INVALID flag area 17g stores a flag indicating whether the contents of the IC card is valid or invalid.

[0067] The value data area 17h stores the value data. The value data, which is money information, for instance, can be updated based on transactions. The transaction history area 17i stores information on the history of receiving and transferring the value data. The checksum data area 17j stores checksum data for checking correctness of all the IC card data. The program area 17k stores the program controlling the CPU 13. The single use flag setting area 17l stores a flag determining whether to authorize single use of the IC card when data duplication cannot be performed with another IC card.

[0068] The card characteristic number area 17a, the card number registration area 17b, the apparatus number registration area 17c, the version number management area 17d, the pair failure flag area 17e, the UNUSED flag area 17f, the INVALID flag area 17g, the value data area 17h, the transaction history area 17i, the checksum data area 17j, the program area 17k, and the single use flag setting area 17l of the nonvolatile memory 14 are all duplicated.

[0069] Next, a detailed description will be given of an operation according to a method of authenticating duplicate cards which method is executed when the electronic money management apparatus 16 is started.

[0070] FIGS. 4A through 4D are flowcharts of the duplicate cards authentication operation according to the first embodiment of the present invention.

[0071] In step S1-1 of FIG. 4A, the IC cards 17-1 and 17-2 are loaded into the electronic money management apparatus 16 and the electronic money management apparatus 16 is turned on. When the IC cards 17-1 and 17-2 are loaded into the electronic money management apparatus 16 and the electronic money management apparatus 16 is turned on in step S1-1, the IC cards 17-1 and 17-2 are also turned on so that the control programs are started, and the correctness of the data is checked in each of the IC cards 17-1 and 17-2.

[0072] FIG. 5 is a flowchart of an operation of checking the correctness of the data of each IC card of the first embodiment of the present invention.

[0073] After the electronic money management apparatus 16 is turned on, in step S2-1, the loaded IC cards 17-1 and 17-2 are turned on.

[0074] After the IC cards 17-1 and 17-2 are turned on in step S2-1, step S2-2 is performed on the IC cards 17-1 and 17-2. In step S2-2, all of the data stored in the nonvolatile memory 14 of each of the IC cards 17-1 and 17-2 is read out so that the exclusive logical sum of (that is, the result of an XOR operation performed on) all of the data read out from each nonvolatile memory 14 is obtained.

[0075] After the exclusive logical sum of all of the data read out from each nonvolatile memory 14 is obtained in step S2-2, in step S2-3, the exclusive logical sum is compared with the checksum data stored in the checksum data area 17j of the nonvolatile memory 14. In step S2-4, it is determined, as a result of the comparison in step S2-3, whether the checksum data stored in the checksum data area 17j of the nonvolatile memory 14 matches the exclusive logical sum of all of the data obtained in step S2-2.

[0076] If the checksum data matches the exclusive logical sum of all of the data in step S2-4, it is deter

uspto.report is an independent third-party trademark research tool that is not affiliated, endorsed, or sponsored by the United States Patent and Trademark Office (USPTO) or any other governmental organization. The information provided by uspto.report is based on publicly available data at the time of writing and is intended for informational purposes only.

While we strive to provide accurate and up-to-date information, we do not guarantee the accuracy, completeness, reliability, or suitability of the information displayed on this site. The use of this site is at your own risk. Any reliance you place on such information is therefore strictly at your own risk.

All official trademark data, including owner information, should be verified by visiting the official USPTO website at www.uspto.gov. This site is not intended to replace professional legal advice and should not be used as a substitute for consulting with a legal professional who is knowledgeable about trademark law.

© 2024 USPTO.report | Privacy Policy | Resources | RSS Feed of Trademarks | Trademark Filings Twitter Feed